CVE-2026-40287 | MervinPraison PraisonAI/praisonaiagents up to 4.5.138 tools.py import_tools_from_file code injection (GHSA-g985-wjh9-qxxc)

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability was found in MervinPraison PraisonAI and praisonaiagents up to 4.5.138. It has been declared as critical. Impacted is the function import_tools_from_file of the file tools.py. Such manipulation leads to code injection.

This vulnerability is referenced as CVE-2026-40287. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-40287 | MervinPraison PraisonAI/praisonaiagents up to 4.5.138 tools.py import_tools_from_file code injection (GHSA-g985-wjh9-qxxc)

Post correlati

CVE-2019-25365 | ChaosPro 2.0 stack-based overflow (Exploit 47551 / EDB-47551)

CVE-2024-29880 | JetBrains TeamCity up to 2023.10 Agent Process routine

CVE-2025-22776 | Jay Carter WP Bulletin Board Plugin up to 1.1.4 on WordPress cross site scripting

CVE-2024-10590 | Opt-In Downloads Plugin up to 4.07 on WordPress unrestricted upload